General
- Target: cc199c666cc317b3f1208ef15a531bdacc813013562755ef0773e01592c8e36c
- Size: 4MB
- Sample: 230202-a8lqzafg21
- MD5: 75d8e81ccb1cc5527ffa3cef4663588a
- SHA1: c8dfa493dde664679c04e1472bcf4fdf650b039f
- SHA256: cc199c666cc317b3f1208ef15a531bdacc813013562755ef0773e01592c8e36c
- SHA512: 69532211543705df29982564ac5fbcc0adadf66dac3b801a1f0a232a914c30793675fe40559a788e8971b6357eb0b77486919e9bc3ce0c42a1b429dc10cecb51
- SSDEEP: 98304:ifP6JKXgGxPRAyMQc4SUMpUUUoMXvhLnTdH3V:ifP6cXlStQRuY53T
- Static task: static1
Malware Config
Targets
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2